I'm looking at using Amazon's Simple Email Service (SES) to send out some emails using their templates. However, the email templates will need to contain user entered data. In order to prevent XSS attacks, I need to escape any html or javascript in the users's data, but I can't find anything in the documentation about escaping. Does SES support escaping user data?
As per the official documentation: https://docs.aws.amazon.com/ses/latest/dg/send-personalized-email-advanced.html
Handlebars includes additional features beyond those documented in this section. For more information, see Built-In Helpers at handlebarsjs.com.
You have to have a look at https://handlebarsjs.com/guide/expressions.html#html-escaping